MASTER  COPY 


REPORT  DOCUMENTATION  PAGE 


KEEP  THIS  COPY  FOR  REPRODUCTION  PURPOSES 


Form  Approved 


OMB  No.  0704-0188 


Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources,
gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this
collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson
Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503.


1.  AGENCY  USE  ONLY  (Leave  blank)

2.  REPORT  DATE 


3.  REPORT  TYPE  AND  DATES  COVERED 

Final  Report 


4.  TITLE  AND  SUBTITLE 

Automatically  Combining  Changes  to  Software  Systems 


5.  FUNDING  NUMBERS 

ARO  117-93 


7.  PERFORMING  ORGANIZATION  NAME(S)  AND  ADDRESS 


Computer  Science  Department 
U.S.  Naval  Postgraduate  School 
Monterey,  CA  93943 


8.  PERFORMING  ORGANIZATION 
REPORT  NUMBER 


9.  SPONSORING /MONITORING  AGENCY  NAME(S)  AND  ADDRESS(ES) 

U.  S.  Army  Research  Office 

P.  O.  Box  12211 

Research  Triangle  Park,  NC  27709-2211 


10.  SPONSORING/MONITORING 
AGENCY  REPORT  NUMBER 

11.  SUPPLEMENTARY  NOTES 

The  view,  opinions  and/or  findings  contained  in  this  report  are  those  of  the 
author(s)  and  should  not  be  construed  as  an  official  Department  of  the  Army 
position,  policy,  or  decision,  unless  so  designated  by  other  documentation. 

12a.  DISTRIBUTION /AVAILABILITY  STATEMENT 

Approved  for  public  release;  distribution  unlimited. 

12b.  DISTRIBUTION  CODE 

13.  ABSTRACT  (Maximum  200  words) 

This  project  has  been  working  to  establish  a  theoretically  sound  approach  to 
managing  changes  to  software  systems  via  automated  methods  for  combining 
changes  with  provable  guarantees  of  correctness.  Given  a  base  version  of  a 
software  system  and  two  different  enhanced  versions  we  are  seeking  to 
automatically  construct  a  combined  version  that  incorporates  both  of  the 
enhancements  to  the  base  version.  Combining  changes  to  a  system  is  a  central  problem 
in  many  software  development  and  maintenance  activities,  particularly  in  contexts 
where  several  enhancements  are  developed  concurrently. 




14.  SUBJECT  TERMS 

Software  change  merging,  computer  aided  design, 
software  maintenance,  software  evolution,  concurrent  engineering 

15.  NUMBER  OF  PAGES 

16.  PRICE  CODE 


17.  SECURITY  CLASSIFICATION 
OF  REPORT 

UNCLASSIFIED 


NSN  7540-01-280-5500 


18.  SECURITY  CLASSIFICATION 
OF  THIS  PAGE 

UNCLASSIFIED 


19.  SECURITY  CLASSIFICATION 
OF  ABSTRACT 

UNCLASSIFIED 


20.  LIMITATION  OF  ABSTRACT 


Standard  Form  298  (Rev  2-89) 

Prescribed  by  ANSI  Std  Z39-18 


AUTOMATICALLY  COMBINING  CHANGES  TO  SOFTWARE  SYSTEMS 


FINAL  REPORT 


Valdis  Berzins 


JANUARY  1995 


U.  S.  ARMY  RESEARCH  OFFICE 


CONTRACT  /  GRANT  NUMBER  ARO  117-93 


NAVAL  POSTGRADUATE  SCHOOL 


APPROVED  FOR  PUBLIC  RELEASE; 
DISTRIBUTION  UNLIMITED. 




1.  Statement  of  the  Problem  Studied 


This  project  has  been  working  to  establish  a  theoretically  sound  approach  to 
managing  changes  to  software  systems  via  automated  methods  for  combining  changes 
with  provable  guarantees  of  correctness.  The  objectives  of  the  research  were 

(1)  to  develop  the  general  mathematics  formalizing  the  semantics  of  changes  to 
software  systems, 

(2)  to  develop  algorithms  for  automatically  combining  such  changes  that  provide 
guarantees  of  correctness  when  the  changes  are  compatible  with  each  other,  and 

(3)  to  detect  and  locate  inconsistencies  for  correction  of  requirements  when  the 
changes  are  not  compatible. 

Given  a  base  version  of  a  software  system  and  two  different  enhanced  versions, 
we  are  seeking  to  automatically  construct  a  combined  version  that  simultaneously 
incorporates  both  of  the  enhancements  to  the  base  version.  Semantically  based 
methods  for  combining  changes  are  needed  because  (1)  manual  methods  are  labor 
intensive  and  error  prone,  and  (2)  conventional  tools  for  combining  changes  treat 
software  objects  as  uninterpreted  text  strings  and  do  not  guarantee  the  integrity  of  the 
results. 

Combining  changes  to  a  system  is  a  central  problem  in  many  software  development 
and  maintenance  activities,  particularly  in  contexts  where  several  enhancements 
are  developed  concurrently.  Experimental  work  has  established  that  many  software 
errors  can  be  attributed  to  the  difficulty  of  understanding  interactions  between  scattered 
pieces  of  code  [11].  Software  systems  are  created  and 
evolve  in  a  series  of  extensions,  enhancements,  and  changes  as  new  requirements  are 
discovered;  as  existing  requirements  are  extended,  reformulated,  or  dropped;  and  as 
system  faults  are  discovered  and  repaired.  This  process  leads  to  a  branching  structure 
of  version  histories.  Operations  for  combining  changes  are  needed  in  all  of  the  following 
contexts. 


(1)  Different  branches  can  represent  alternative  designs  for  the  same  enhancement. 
Automated  tools  for  combining  changes  can  be  used  to  explore  alternative  choices 
for  decisions  in  the  context  of  software  prototyping  and  exploratory  design. 
Speed  and  accuracy  provided  by  tool  support  can  enable  exploratory  evaluations 
of  design  alternatives  based  on  experimental  measurements,  whereas  these 
processes  are  often  impractically  slow  and  expensive  if  done  manually,  especially 
when  exploring  combinations  of  several  interacting  design  decisions. 

(2)  Different  branches  can  represent  enhancements  developed  in  parallel  by  different 
engineers  or  teams.  Semantically  based  tools  for  combining  changes  are  useful 
for  combining  the  results  of  such  parallel  efforts.  Different  people  working 
concurrently  on  a  large  software  system  usually  have  incomplete  knowledge  of  what 
the  others  are  doing.  Semantically  based  tools  for  combining  changes  are  essential 
for  preserving  the  integrity  of  such  systems,  since  people  can  detect  inconsistencies 
only  if  they  have  knowledge  of  a  conflicting  set  of  decisions. 

(3)  Different  branches  can  represent  alternative  implementations  of  the  system  for 
different  operating  environments  which  are  derived  from  a  common  base  version 
of  the  system.  An  enhancement  to  such  a  software  family  can  be  developed  once 
based  on  the  common  root  version,  and  propagated  automatically  to  all  of  the 
environment-dependent  variations  by  a  tool  for  combining  changes.  In  the  general 
case,  there  can  be  many  branches  of  the  development  affected  by  a  change, 
and  there  can  be  long  chains  of  indirectly  induced  modifications,  as  discussed  in 
[12].  Similar  patterns  of  change  propagation  occur  when  a  fault  in  a  design  decision 
is  discovered  only  after  several  subsequent  changes  have  been  based  on  the 
faulty  decision. 

2.  Summary  of  the  Most  Important  Results 

We  have  previously  investigated  the  problem  of  combining  programs  that  compute 
partial  functions  [3],  which  is  a  simplified  version  of  the  problem  addressed  by 
this  project.  We  developed  the  earliest  formulation  of  semantic  correctness  for  merging, 
in  terms  of  a  semantic  lattice.  This  model  applies  to  the  special  case  of  compatible 
extensions  to  functions,  and  addresses  the  problem  of  merging  versions,  rather  than 
merging  changes  to  versions.  Artificial  conflict  elements  are  used  to  formally  locate 
inconsistencies  between  versions  that  conflict.  The  paper  also  presents  some  semantically 
sound  merging  methods  for  functional  programs  (including  recursion  but  not  state 
changes  or  loops). 

Program  modifications  and  imperative  programs  were  first  addressed  by  [9],  using 
program  slicing  [13].  This  work  uses  program  dependence  graphs  [8],  originally 
developed  for  optimizing  compilers,  to  calculate  combined  changes  for  flowchart  programs 
with  assignments.  Investigations  of  the  semantics  of  slices  have  shown  that  the 
method  gives  correct  results  in  the  cases  where  it  does  not  report  a  failure.  A  weakness 
of  the  work  is  the  data-flow  approximation  used,  which  does  not  take  into  account 
the  semantics  of  the  conditional  decisions  in  the  programs.  Because  of  this,  the  existing 
program  dependence  graph  algorithms  report  conflicts  between  any  two  changes 
that  potentially  affect  the  same  output  variables,  even  if  the  changes  affect  disjoint  portions 
of  the  input  space,  and  therefore  cannot  interfere  with  each  other.  The  method 
also  does  not  have  any  formal  model  or  representation  for  inconsistencies,  and  does 
not  directly  provide  diagnostic  information  on  failure. 

The  two  approaches  outlined  above  essentially  cover  the  entire  state  of  the  art  of 
software  merging  prior  to  this  project.  The  main  results  of  the  project  are  models  and 
methods  for  software  merging  that  combine  the  complementary  strengths  of  the  two 
approaches  described  above. 

We  developed  a  model  of  change  merging  that  is  a  uniform  extension  of  standard 
denotational  semantics  [5].  This  model  handles  merging  of  arbitrary  changes  to  programs, 
and  contains  a  suitably  extended  set  of  conflict  elements  to  support  formal  location 
of  inconsistencies.  Our  model  is  used  to  determine  some  general  properties  of 
change  merging,  and  in  particular  to  explore  the  degree  to  which  changes  to  the  components 
of  a  functional  composition  (modules  related  by  data  flow  relations)  can  be 
merged  independently.  Examples  show  that  this  is  not  possible  in  the  general  case, 
and  some  special  conditions  where  it  is  possible  are  characterized.  Our  model  covers 
most  of  the  standard  constructions  of  domain  theory,  including  sums,  products,  function 
spaces,  and  two  of  the  three  kinds  of  power  domain,  and  hence  applies  to  a  large 
class  of  programming  languages.  The  third  kind  of  power  domain  (the  Egli-Milner 
construction)  is  shown  to  have  a  property  that  precludes  treatment  by  any  of  the 
known  formalisms  for  modeling  change  merging  (i.e.,  Boolean  and  Brouwerian  algebras), 
which  indicates  fundamental  difficulties  associated  with  the  interaction  between 
parallel  programs  and  computations  that  can  fail  to  terminate.  This  construction  is 
needed  if  we  want  the  meaning  of  a  parallel  program  that  sometimes  works  correctly 
and  sometimes  diverges  to  be  different  from  the  meaning  of  a  program  that  always 
diverges  and  also  different  from  the  meaning  of  a  program  that  always  works 
correctly. 

We  also  developed  a  method  for  semantic  change  merging  based  on  program 
meaning  functions  [4].  This  method  improves  merging  accuracy  at  the  expense  of 
computing  time.  Accuracy  is  improved  in  the  sense  that  the  method  will  produce  successful 
and  semantically  correct  merges  in  cases  where  the  program  slicing  method 
will  report  failures.  These  cases  correspond  to  the  inability  of  the  program  slicing 
approach  to  recognize  disjoint  execution  path  conditions  and  behavioral  equivalences 
between  different  algorithms.  The  meaning  function  approach  should  in  principle  be 
capable  of  deriving  any  semantically  valid  merge.  However,  the  method  can  run  forever 
if  it  is  not  restricted.  Some  heuristics  to  constrain  the  search  for  practical  use  are 
suggested  in  the  paper.  This  approach  can  also  produce  results  in  an  extended  domain 
that  includes  representations  for  conflict  elements  in  programs.  In  the  cases  where 
such  conflict  elements  are  produced  the  method  provides  diagnostic  information  to 
locate  particular  inconsistencies  between  program  changes  that  lead  to  merging 
failures. 
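The following is an added illustration, not code from the report or from the cited papers. It models the three ideas discussed above in the simplest setting that shows them: the meaning of a program is approximated by a table of its values over a finite, enumerated input domain (the finite domain is the restriction that keeps the otherwise unbounded meaning-function search terminating); two changes to a base version are merged pointwise in the flat lattice extended with an explicit conflict element that records which three values disagree at which input; and a deliberately conservative check in the spirit of the dependence-graph criterion (any two changes touching the same output are a conflict) is shown reporting a conflict that the semantic merge resolves because the changes affect disjoint parts of the input space. The sample functions `base`, `left`, `right`, `right_bad` and `base_rewritten`, the domain `range(-5, 6)`, and the pointwise merge rule are constructed for this example and are not the formal definitions of [4] or [5].

```python
# Added example (not from the report): pointwise semantic change merging of
# three versions of a function over a finite, enumerated input domain.
from dataclasses import dataclass
from typing import Any, Callable, Dict, Iterable

UNDEFINED = object()  # bottom element: the program has no value at this input


@dataclass(frozen=True)
class Conflict:
    """Conflict element: both changes altered the value at input x, and they
    disagree, so no single value honours both. Records the three values so the
    merged program carries its own diagnostic at the point of failure."""
    x: Any
    base: Any
    left: Any
    right: Any


def meaning(f: Callable[[Any], Any], domain: Iterable[Any]) -> Dict[Any, Any]:
    """Approximate the meaning function of f by a finite table.
    An exception is treated as 'undefined' at that input (a partial function).
    Restricting to a finite domain is the heuristic that makes this terminate."""
    table = {}
    for x in domain:
        try:
            table[x] = f(x)
        except Exception:
            table[x] = UNDEFINED
    return table


def merge_point(x, b, a, c):
    """Change merge at one input (assumed rule for this example): keep what
    both versions agree on, otherwise take the side that actually changed."""
    if a == c:
        return a                      # both agree (possibly the same change twice)
    if a == b:
        return c                      # only the right-hand change touched this input
    if c == b:
        return a                      # only the left-hand change touched this input
    return Conflict(x, b, a, c)       # both changed it, differently: conflict element


def merge_changes(base, left, right, domain):
    """Merge the change base->left with the change base->right.
    Returns (merged table, dict of conflict elements keyed by input)."""
    domain = list(domain)
    mb, ma, mc = (meaning(f, domain) for f in (base, left, right))
    merged = {x: merge_point(x, mb[x], ma[x], mc[x]) for x in domain}
    conflicts = {x: v for x, v in merged.items() if isinstance(v, Conflict)}
    return merged, conflicts


def dependence_style_verdict(base, left, right, domain) -> str:
    """Conservative criterion in the spirit of the dependence-graph approach:
    a conflict whenever both changes affect the same (here: the only) output,
    with no regard to whether they do so on disjoint parts of the input space."""
    domain = list(domain)
    mb, ma, mc = (meaning(f, domain) for f in (base, left, right))
    left_changed = any(ma[x] != mb[x] for x in domain)
    right_changed = any(mc[x] != mb[x] for x in domain)
    return "conflict" if left_changed and right_changed else "ok"


# Constructed sample versions of one function (illustrative only).
def base(x):                  # absolute value
    return -x if x < 0 else x

def left(x):                  # changes only the negative branch
    return -2 * x if x < 0 else x

def right(x):                 # changes only the non-negative branch
    return -x if x < 0 else x + 1

def right_bad(x):             # changes the negative branch, differently from `left`
    return 0 if x < 0 else x

def base_rewritten(x):        # a different algorithm with the same meaning as `base`
    return max(x, -x)


DOMAIN = range(-5, 6)

if __name__ == "__main__":
    merged, conflicts = merge_changes(base, left, right, DOMAIN)
    print("dependence-style verdict:", dependence_style_verdict(base, left, right, DOMAIN))
    print("semantic merge conflicts:", conflicts)        # none: disjoint input regions
    print("merged(-3) =", merged[-3], " merged(3) =", merged[3])
    _, bad = merge_changes(base, left, right_bad, DOMAIN)
    print("conflicting merge at -1:", bad[-1])          # the diagnostic conflict element
    _, equiv = merge_changes(base, base_rewritten, left, DOMAIN)
    print("rewritten algorithm merged with left, conflicts:", equiv)
```

Run stand-alone, the first merge succeeds where the dependence-style check reports a conflict, the second merge yields conflict elements for every negative input (each naming the three disagreeing values), and merging a behaviourally equivalent rewrite with `left` produces no conflict because the rewrite's table equals the base's at every point.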

Our  theoretical  models  have  been  applied  to  develop  and  implement  a  merging 
method  for  the  prototyping  language  PSDL  [10].  The  novel  features  of  this  language 
are  hard  real-time  constraints,  parallel  computation,  and  nondeterminism.  The  merging 
method  is  based  on  an  extension  of  the  slicing  idea.  Correctness  of  the  method 
depends  on  a  behavioral  invariance  theorem  for  slices  that  was  proved  relative  to  a 
semantic  model  that  captures  the  nondeterministic  and  real-time  aspects  of  PSDL  programs. 
An  implementation  of  this  method  is  described  in  [6, 7]. 

We  have  also  developed  a  model  for  controlling  the  evolution  of  a  software  system 
[2].  The  model  is  a  refinement  of  earlier  work  [12]  to  support  the  integration  of 
project  coordination  and  configuration  management  in  the  context  of  evolutionary  prototyping. 
The  model  has  been  the  basis  for  the  design  and  implementation  of  an  evolution 
control  system  for  prototypes  developed  using  PSDL  and  the  computer-aided 
prototyping  system  CAPS  [1].  The  functions  provided  by  the  evolution  control  system 
include  computer-aided  planning  of  software  evolution  steps,  automated  project 
scheduling,  automated  assignment  of  tasks  to  designers  based  on  declared  management 
policies,  automated  versioning  of  software  objects,  automated  check  in  and  check  out 
of  versions  from  the  design  database,  automated  monitoring  of  progress  with  respect  to 
deadlines,  and  decision  support  for  adjusting  deadlines  if  timely  completion  becomes 
infeasible. 